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DETAILED ACTION 



1 . This Office Action is responding to the RCE received on 08/31/05. 



2. Claims 1-33 are pending. 



Claim Rejections - 35 USC § 103 



3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosesd or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



4. Claims 1-33 rejected under 35 U.S.C. 103(a) as being unpatentable over Chiu et 
al, US Patent No. 5101402, hereinafter "chiu", in view of Dietz et al, US Patent No. 
6651099, hereinafter "Dietz". 

5. As per claims 1 and 18: 

Chiu discloses a method for providing a unique identification of monitored network data 
instances flowing across various connections between networked devices, the unique 
identification being derived from information contained entirely within each instance of 
the network data, the method comprising: using at least one monitoring device to 
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monitor a network data instance flowing across at least one data connection (Col 7 lines 
15-39); deriving from the data instance certain information which collectively provides a 
unique identification (Col 9 lines 1-54) of the network data instance; However, Chiu 
does not discloses "assembling the derived information into an input string for a hash 
function; and using the output string of the hash function as a signature which 
represents a unique identifier of the network data instance". Nevertheless, the method 
of deriving the unique identifier using the hash function to create the signature is taught 
by Dietz in (Col 6 lines 18-19, Col 13 lines 20-36, Col 13 line 62 to Col 14 line 67, and 
Col 32 lines 39-67). Therefore, it would have been obvious for one having ordinary skill 
in the art to incorporate the hash function to create the signature of the unique 
identification data captured by the Chiu's invention. The result is a unique identifier 
signature of the session or data instance in the network. This signature is unique and 
minimal in sizing, which can be easily stored and processed (Col 10 lines 53-60). 

6. As per claims 2, 7-9, and 24-26: 

Chiu discloses the method according to Claims 1 and 18, wherein the deriving step 
includes: deriving from the data instance a source and destination address for the data; 
deriving from the data instance a source and destination port associated with the 
networked devices (Col 3 lines 24-40, Col 8 lines 54-61, and Col 9 lines 3-25) (The 
Transport layer header info has the ports info and The Link layer header info has the 
address info); deriving from the data instance at least one sequence number associated 
with data instance (Col 9 lines 33-45). 
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7. As per claims 3, 4, 15, 20-21, and 32: 

Chiu discloses the method according to Claims 1 and 18, which further includes: 
attaching the signature to at least one data report associated with the network data 
instance; and transmitting data reports and signatures from each monitoring device to a 
central collecting device (Col 12 lines 7-14). 

8. As per claims 5 and 22: 

Chiu disclose the method according to Claims 3 and 20, wherein the central collecting 
device uses the signatures to eliminate duplicate data reports that might come in from 
different monitoring devices positioned at different locations on the network (Col 12 lines 
19-28). 

9. As per claims 6 and 23: 

Chiu discloses the method according to Claims 1 and 18, wherein network data 
instances are data packets as part of a TCP/IP (Transmission Control Protocol/Internet 
Protocol) client-server network (Col 1 lines 13-24, and Col 2 lines 24-39). 

10. As per claims 10 and 27: 

Chiu discloses the method according to Claims 9 and 26, wherein the at least one 
sequence number includes both a client sequence number and a server sequence 
number (Col 9 lines 40-45, and Col 1 lines 17-24) (The sequence number cited is the 
number of packet sending back and forth by both ends). 
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11. As per claims 11 and 28: 

Ciu discloses the method according to Claims 2 and 19, wherein the input string 
information does not include sequence numbers (Col 9 lines 3-9). 

12. As per claims 12 and 29: 

Chiu discloses the method according to Claims 1 1 and 28, wherein the network data 
instances are datagrams as part of a UDP/IP (User Datagram Protocol/Internet 
Protocol) network (Col 9 line 21) (The ACK is the UDP packet). 

13. As per claims 13 and 30: 

Chiu discloses the method according to Claims 1 and 18. However, Neither Chiu or 
Dietz discloses "truncating the signature to include fewer bits than the hash function 
output string". Nevertheless, It would have been obvious at the time of the invention for 
one having ordinary skill in the art to reduce the output string to a fewer bits. This 
operation will obviously create a uniform unique signature for storage and processing 
purpose. 

14. As per claims 14 and 31 : 

Chiu discloses the method according to Claims 1 and 18, which further includes: adding 
flag bits to the signature which indicate the type of application associated with the 
network data instance (Col 10 line 54-57). 
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15. As per claim 16: 

Chiu discloses the method according to Claim 1, wherein the monitoring device 
operates to directly monitor the network data (Col 7 lines 15-27). 

16. As per claim 17: 

Chiu discloses the method according to Claim 1, wherein the monitoring device 
operates to indirectly monitor the network data (Col 7 lines 15-27). 

17. As per claim 33: 

Chiu disclose method for providing a unique session key of monitored network data 
packets flowing across various connections between networked devices, the unique 
session key being derived from information contained entirely within each instance of 
the network data packet, the method comprising: using at least one monitoring device to 
monitor a network data packet flowing across at least one data connection (Col 12 lines 
19-28); deriving from the data packet a source and destination address for the data is 
inherent in a TCP/IP network; deriving from the data packet a source and destination 
port associated with the networked devices is inherent in a TCP/IP network (Col 3 lines 
24-40, Col 8 lines 54-61 , and Col 9 lines 3-25) (The Transport layer header info has the 
ports info and The Link layer header info has the address info); deriving from the data 
packet at least one sequence number associated with data instance (Col 9 lines 33-45); 
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attaching the unique session identifier to at least one data report associated with the 
network data packet (Col 12 lines 7-28, the session identifier is collected information 
from each node); transmitting the data reports from each monitoring device to a central 
collecting device for analysis" in (Col 12 lines 7-28), Chiu does use the hash function 
based on the current session key to access the session record which includes all the 
information derived above (Col 10 lines 18-23). However, "Chiu does not assembling 
the derived addresses, ports, and at least one sequence number information into an 
input string for a hash function; and using the output string of the hash function as the 
signature which represents a unique identifier of the network data packet". 
Nevertheless, the method of deriving the unique identifier using the hash function to 
create the signature is taught by Dietz in (Col 6 lines 18-19, Col 13 lines 20-36, Col 13 
line 62 to Col 14 line 67, and Col 32 lines 39-67 and Fig 2). Therefore, it would have 
obvious for one having ordinary skill in the art to incorporate the hash function to create 
the signature of the unique identification data captured by the Chiu's invention. The 
result is a unique identifier signature of the session or data instance in the network. 
This signature is unique and minimal in sizing, which can be easily stored and 
processed (Col 14 lines 15-35). Dietz's teaching will also provide the unique hash flow 
key signature to the central node for analysis as the collected data passed from the 
nodes to the central node. 
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Response to Arguments 

18. Applicant's arguments filed 08/31/2005 have been fully considered but they are 
not persuasive. 

19. As per remark on page 1 1 regarding to the rejection of claims 1 and 18, Applicant 
cited (Dietz, Col 6 lines 18-19; Col 13 lines 20-23 and lines 30-36) to argue that Dietz 
does not teach "the output string of the hash function as a signature which represents a 
unique identifier of the network data instance". Examiner believes that the Applicant 
has incorrectly applied and interpreted Dietz's teaching. In Col 32 lines 39-67 and 
Figure 2 teaches the KEY1 230, the flow signature. As cited in Col 13 lines 20-23, the 
extracted information, described in Figure 2 KEY1 230, is a unique flow signature of the 
flow or instance. The flow key is the result of the hash of the flow signature, which is 
unique to every flow (Col 13 lines 30-35). Dietz utilizes the flow key to track the data 
instance or flow in the database (Col 13 line 62 to Col 14 line 67). 

20. As per remark on page 1 1 (Id. Further, the hash in Dietz is not intended to be a 
unique identifier because more than one flow entries can be stored in a bin 
corresponding to the same hash. Id.), Applicant argues that the hash result is not a 
unique identifier. However, the cited portion of the Dietz teaching in Col 20 lines 18-22, 
which is the evidence of the argument is not accurate. The cited Col 20 lines 18-22 
teaches a method of lookup a signature flow using the unified flow key buffer (UFKB), 
which is the hash of the flow entry. The bin is a location of storing the hash of the flow 
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entry. In Col 14 lines 14-35, Dietz teaches the advantages of utilizing the hash function 
for fast searching the flow entry. Therefore, it is clearly that Dietz teaches the output 
string of the hash function as a signature, which represents a unique identifier of the 
network data instance or flow. 

21 . Therefore, It would have been obvious at the time of the invention was made for 
one having ordinary skill in the art to incorporate Dietz's teaching with Chiu. 



22. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Linh LD Son whose telephone number is 571-272-3856. 
The examiner can normally be reached on 9-6 (M-F). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the EJ/ectronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

■ : - :-.v -.^m exams::- ; 

Linh LD Son 

Examiner 




